Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qem

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qem

From:	Daniel P. Berrange
Subject:	Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu
Date:	Thu, 5 Nov 2009 14:46:08 +0000
User-agent:	Mutt/1.4.1i

On Thu, Nov 05, 2009 at 04:36:19PM +0200, Avi Kivity wrote:
> On 11/05/2009 04:33 PM, Avi Kivity wrote:
> >and concerned that we're loosening security for qemu non-users.
> >
> 
> I see you've addressed this via an acl system.  Still, this is IMO 
> should be outside qemu, esp. as security is now much more than 
> users/groups (i.e. selinux and friends).

IMHO this needs to hook into PolicyKit, since that is the access control
framework that is being standardized on across the desktop. It is quite
easy to work with - all you need do is provide a policy file, and to
authorize a user, you'd run the 'pkcheck' program and its exit status
gives the result. 

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] Re: [PATCH 0/4] net-bridge: rootless bridge support for qemu, (continued)
- Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Jamie Lokier, 2009/11/04
  - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Michael S. Tsirkin, 2009/11/05
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Jamie Lokier, 2009/11/05
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Arnd Bergmann, 2009/11/06
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Jamie Lokier, 2009/11/06
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Michael S. Tsirkin, 2009/11/08
  - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Anthony Liguori, 2009/11/05
- Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Avi Kivity, 2009/11/05
  - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Avi Kivity, 2009/11/05
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Daniel P. Berrange <=
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Anthony Liguori, 2009/11/05
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Jamie Lokier, 2009/11/05
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Daniel P. Berrange, 2009/11/05
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Jamie Lokier, 2009/11/05
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Anthony Liguori, 2009/11/05
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Avi Kivity, 2009/11/05
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Anthony Liguori, 2009/11/05
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Avi Kivity, 2009/11/05
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Anthony Liguori, 2009/11/05
    - Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Avi Kivity, 2009/11/05

Prev by Date: Re: [Qemu-devel] [PATCH 4/4] Add support for -net bridge
Next by Date: Re: [Qemu-devel] [PATCH 4/4] Add support for -net bridge
Previous by thread: Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu
Next by thread: Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu
Index(es):
- Date
- Thread